There are three levels of permissions that control what you can do on the platform; ecosystem roles, company plans and invitation to work/assets. Their respective order serves as a hierarchy, where ecosystem roles provide the most versatile functionality to users, and invitation to work/assets provides the most constrained functionality.
1. Ecosystem roles
Users bearing ecosystem roles are provided with powerful permissions to manage higher level parts of an ecosystem. These permissions let those users manage and alter workflows and asset types.
Ecosystem orchestrators
Ecosystem orchestrators gain control over large parts of your ecosystem. They automatically get workflow owner permissions over all workflows and asset type owner permissions over all asset types in your ecosystem for your company. Additionally they are granted the ability to create new workflows and asset types.
Once you are an ecosystem orchestrator, you can appoint and revoke other users’ ecosystem orchestrator status. Ecosystem creators are automatically given ecosystem orchestrator permissions, which can’t be removed by any user.
Ecosystem orchestrators do not get access to all work items, only to those created by members of their company (due to the workflow owner permissions).
Learn how to appoint ecosystem orchestrators by clicking here and navigating to Orchestrators.
Workflow owners
Workflow owner is a permission set appointed to users for individual workflows, granting special permissions to those users. They can edit, duplicate and delete workflows. Additionally they can access the Manage Workflow sidepanel, where they can edit the workflow’s icon & name, as well as appoint other workflow owners.
Learn how to appoint workflow owners by clicking here and navigating to Owners.
Asset type owners
Asset type owners is a permission set appointed to users for individual asset types, granting special permissions to those users. They can edit, delete and manage permissions for the asset type. Additionally they can access the Manage Asset type sidepanel, where they can edit the asset type’s icon & name, as well as appoint other asset type owners.
Learn how to appoint asset type owners by clicking here and navigating to Owners.
2. Company plans
Company plans are a way to expand the capability of your Ecosystem by inviting other companies to contribute. They enable instant access to any member within a company to create work items in workflows, and to view all Assets within an ecosystem.
Learn how to invite users to a company plan by clicking here and navigating to Plans
What permissions do other companies get?
- The ability to start Work
- The ability to view all Assets (this is required so that members of companies can interact with Asset Search Components in Work items)
A few key points
- To invite a company to the plan you must invite one of the members of the company to be the Plan Owner
- Doing so gives every member of the company the permissions listed above
- Plan Owners don’t get any special permission and just act as a good contact point to reach the company directly
- Being part of a company plan allows you to create work items, but it does not give you the workflow owner role within workflows. Consequently, you are not able to change permissions of other users within a work item, even if you created it.
Hidden work owners
- If someone from your company created a work item, your company owns the work item
- If your company owns a work item, all workflow owners from that company get access to the work item as a hidden work owner
- Hidden work owners can view and make edits within these work items, but only show up in the members list once they’ve made an edit
3. Explicit invitation to work items or assets
Explicit invitations are invitations to users to work on a specific asset or work item. When a user is explicitly invited to a work item or asset, where this is their highest level of permission, they are only able to interact in that work item to the degree of which they have been allowed to. Their scope is focused only on the item they’ve been invited to, which does not expand to other items within the same workflow/asset type unless explicitly invited to those too. Explicit invitations are shown in the share panel.
Work item/asset invite
A user invited to an asset/work item is given access to view only that work item. They may also be given permissions to edit the work item.
Task invite
A user invited to a task within a work item is given access to view only that task within the work item. They may also be given permission to edit the fields within the task. Users invited in this manner can not see the rest of the work item, except for other tasks they have been invited to.
Delegation
When a user that has been explicitly invited gets delegated access, they gain the same permissions in that work item as the person who delegated their access to this user would have.